Main Vulnerability Database SB20241112127

SB20241112127 - Environment manipulation via query string in Laravel

Published: November 12, 2024 Updated: June 20, 2025

Security Bulletin ID SB20241112127

CSH Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Security features bypass (CVE-ID: CVE-2024-52301)

CWE-ID: CWE-254 - Security Features

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/U:Green

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists due to the application allows environment variable manipulation when the register_argc_argv php directive is set to on. A remote attacker can query any URL with a special crafted query string and alter values of environment variables. This can result in disclosure of sensitive information and potential unauthorized data manipulation.

Remediation

Install update from vendor's website.

References

https://github.com/laravel/framework/security/advisories/GHSA-gv7v-rgg6-548h